NEWS

2.0.32 (2021-04-18)
===================

* Test release performed with GitHub Actions.

2.0.29 (2021-04-16)
===================

* Loosen some overly tight restrictions on JP2 codestreams, which caused
  some valid codestreams to be rejected. (#289)

2.0.28 (2021-03-29)
===================

* Fix potential null pointer dereference in the JP2/JPC decoder. (#269)
* Fix ignoring of JAS_STREAM_FILEOBJ_NOCLOSE at stream close time. (#286)
* Fix integral type sizing problem in JP2 codec. (#284)

2.0.27 (2021-03-18)
===================

* Check for an image containing no samples in the PGX
  decoder. (#271, #272, #273, #274, #275, #276, #281)
* Check for dimensions of zero in the JPC and JPEG decoders.
* Fix an arguably incorrect type for an integer literal
  in the PGX decoder. (#270)
* Check for an invalid component reference in the
  JP2 decoder. (#269)
* Check on integer size in JP2 decoder. (#278)

2.0.26 (2021-03-05)
===================

* Fix JP2 decoder bug that can cause a null pointer dereference for
  some invalid CDEF boxes. (#268) (CVE-2021-3467)

2.0.25 (2021-02-07)
===================

* Fix memory-related bugs in the JPEG-2000 codec resulting from
  attempting to decode invalid code streams. (#264, #265)
  This fix is associated with CVE-2021-26926 and CVE-2021-26927.
* Fix wrong return value under some compilers (#260)
* Fix CVE-2021-3272 heap buffer overflow in jp2_decode (#259) 

2.0.24 (2021-01-03)
===================

* Add JAS_VERSION_MAJOR, JAS_VERSION_MINOR, JAS_VERSION_PATCH
  for easier access to the JasPer version.
* Fixes stack overflow bug on Windows, where variable-length
  arrays are not available. (#256)

2.0.23 (2020-12-08)
===================

* Fix CVE-2020-27828, heap-overflow in cp_create() in jpc_enc.c
  https://github.com/jasper-software/jasper/issues/252

2.0.22 (2020-10-05)
===================

* Update manual

* Remove JPEG dummy codec. Jasper needs libjpeg for JPEG support

* Fix test suite build failure regarding disabled MIF codec (#249)

* Fix OpenGL/glut detection (#247)

2.0.21 (2020-09-20)
===================

* Fix ZDI-15-529
  https://github.com/jasper-software/jasper/pull/245

* Fix CVE-2018-19541 in decoder
  https://github.com/jasper-software/jasper/pull/244

2.0.20 (2020-09-05)
===================

* Fix several ISO/IEC 15444-4 conformance bugs

* Fix new variant of CVE-2016-9398

* Disable the MIF codec by default for security reasons (but it is still
  included in the library);
  in a future release, the MIF codec may also be excluded from the
  library by default

* Add documentation for the I/O streams library API

2.0.19 (2020-07-11)
===================

* Fix CVE-2018-9154
  https://github.com/jasper-software/jasper/issues/215
  https://github.com/jasper-software/jasper/issues/166
  https://github.com/jasper-software/jasper/issues/175
  https://github.com/jasper-maint/jasper/issues/8

* Fix CVE-2018-19541 in encoder
  https://github.com/jasper-software/jasper/pull/199
  https://github.com/jasper-maint/jasper/issues/6

* Fix CVE-2016-9399, CVE-2017-13751
  https://github.com/jasper-maint/jasper/issues/1

* Fix CVE-2018-19540
  https://github.com/jasper-software/jasper/issues/182
  https://github.com/jasper-maint/jasper/issues/22

* Fix CVE-2018-9055
  https://github.com/jasper-maint/jasper/issues/9

* Fix CVE-2017-13748
  https://github.com/jasper-software/jasper/issues/168

* Fix CVE-2017-5503, CVE-2017-5504, CVE-2017-5505
  https://github.com/jasper-maint/jasper/issues/3
  https://github.com/jasper-maint/jasper/issues/4
  https://github.com/jasper-maint/jasper/issues/5
  https://github.com/jasper-software/jasper/issues/88
  https://github.com/jasper-software/jasper/issues/89
  https://github.com/jasper-software/jasper/issues/90

* Fix CVE-2018-9252
  https://github.com/jasper-maint/jasper/issues/16

* Fix CVE-2018-19139
  https://github.com/jasper-maint/jasper/issues/14

* Fix CVE-2018-19543, CVE-2017-9782
  https://github.com/jasper-maint/jasper/issues/13
  https://github.com/jasper-maint/jasper/issues/18
  https://github.com/jasper-software/jasper/issues/140
  https://github.com/jasper-software/jasper/issues/182

* Fix CVE-2018-20570
  https://github.com/jasper-maint/jasper/issues/11
  https://github.com/jasper-software/jasper/issues/191

* Fix CVE-2018-20622
  https://github.com/jasper-maint/jasper/issues/12
  https://github.com/jasper-software/jasper/issues/193

* Fix CVE-2016-9398
  https://github.com/jasper-maint/jasper/issues/10

* Fix CVE-2017-14132
  https://github.com/jasper-maint/jasper/issues/17

* Fix CVE-2017-5499
  https://github.com/jasper-maint/jasper/issues/2
  https://github.com/jasper-software/jasper/issues/63

* Fix CVE-2018-18873
  https://github.com/jasper-maint/jasper/issues/15
  https://github.com/jasper-software/jasper/issues/184

* Fix https://github.com/jasper-software/jasper/issues/207

* Fix https://github.com/jasper-software/jasper/issues/194 part 1

* Fix CVE-2017-13750
  https://github.com/jasper-software/jasper/issues/165
  https://github.com/jasper-software/jasper/issues/174

* New option -DJAS_ENABLE_HIDDEN=true to not export internal symbols in the public symbol table

* Fix various memory leaks

* Plenty of code cleanups, and performance improvements

* Some macros were changed to inline functions.  This has to potential to
  impact some code that made assumptions about the implementation.  Some
  potentially impacted macros include:
      jas_matrix_numrows, jas_matrix_numcols
      jas_matrix_get
      jas_seq_get, jas_seq_start, jas_seq_end
      jpc_ms_gettype
      jas_matrix_set and jas_seq_set is affected differently; the old macro was
      an actual expression returning the value, while the new function does not.
  The following macros have been changed, too, but are likely not
  affected, since they have been an rvalue-expression anyway:
      JP2_DTYPETOBPC, JP2_BPCTODTYPE
      JAS_IMAGE_CDT_{SETSGND,GETSGND,SETPREC,GETPREC}
      jas_image_cmptdtype
      macros from here
      jas_matrix_setv, jas_matrix_getvref
      jas_matrix_bind{row,col}
      the jpc_fix_ family
      the JPC_QCX and JPC_COX families